-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Somewhere like
archive.org too maybe -- again totally separate
inrastructure + it could be used as a un-official 'official' hash
vault for checking.
On 03/07/2016 08:27 AM, Matthew Miller wrote:
On Mon, Mar 07, 2016 at 08:32:05AM -0000, Ralf Senderek wrote:
>>> What would be proper other places to confirm the fingerprint? >>
The following criteria might be reasonable: >> - a place that has
authority, that people might trust. >> - a place that is hard to
impersonate, that has some protection >> against unauthorized use
> - a place that is visible to many people with a need to
verify.
> - a place that is known for publishing cross-checked, reliable
information
> > We could possibly add it somewhere on a Red Hat site,
which I think > would fit all of these criteria in many people's eyes.
Since it's > entirely separate infrastructure from Fedora's websites,
that would > significantly raise the bar for any targetted website
hacking. >
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJW3YRJAAoJEHeOgyS7CC5mMTkP/A7LqGO4H6KH/EQ3i/j2LG9M
rDFZ0l6tfgG3bVebKI/kxrF4nV3EIDS7n77Fo79dX24xhHIQlabhzgDz6p2slhqu
1gjG0DExIYLgyyGvfWHFj253vq1fkYZMKftftLPQZxD4krnYAUtwpGaPkEN0q/gM
swumcurdgcjlKUwHc195mcSMbE+2tNDJJ49hU44uYpKWtESajWXZ+n3EOvDsj+lj
2W3gdHpqrPJZbgTPtU8FWgmYQNq3ExDWp6Iayz2S2emeSoimjLJYCtrpPSXLRJBw
WC0TZFbZs8cZ0lJy+QJQmpm0n4M0SYRxB2rAN2R3tQ3Ro/KRC0QcEP1Yvwq0QUCK
IXiSp0QI3PftKl2SEbSdTKJW8dN0lM+Hd8ZT6EyqGWVHvlKnnaKbHCVJXzi3Acqc
UngJtGcmEMubbW02Zkpd1Odk008kUDl4AeD9wuCtwKls+fkrKjJPktIiAL7EJcLL
cSf/yYxHjw4GnSfPFkGVHEBmSZm6O3gpRh7jjdzECcBb1WQtLZ8l7iV3EJu16FWu
B4TPyV8PxAbzwehR2ZsZIXH5vB/VMLihh+gzt28cenOc/gvgC/eYsd5kmEuRsL52
jDRnGSP27my8PJ/kzcvn5ldi30NtGigpll0Ff8isl0kjg66oJaax5ouJlHQpTmjQ
D4HmOiouIBG/F91Izwfi
=6G93
-----END PGP SIGNATURE-----